Why is “privacy engineering” suddenly important?
Data Privacy and Security

Why is “privacy engineering” suddenly important?

At the very start of the twentieth century Abigail Robertson visited a photographic studio in Rochester, New York, to have her portrait taken. The image captured was beautiful. It showed a porcelain head and shoulders, turned in semi-profile, with brunette hair arranged neatly above the nape. This was a private family picture, which was sold into a public advertisement, and ended up plastered on 250,000 posters across the state.

Abigail Robertson sued for $15,000. Her consent had never been sought and her plea was mental distress. Her lawyer argued that she was not a public figure, she was a private citizen, and displaying her image against her will violated “the sacred right of privacy”. The press was on her side, the public were incensed and now, over a century later, it provides the start of a very long running debate about privacy.

Today people are still deeply (and justifiably) concerned about how their images are reused but now, more worryingly, a wealth of deeply personal data also exists. This means the parameters of privacy have expanded. So, while the moral battle on privacy may have been won over a century ago and the legal battle on privacy is gradually gaining ground, there are a whole host of logistical details that still haven’t been fleshed out yet. Legislation like the GDPR “right to be forgotten” brings this closer to the fore.

The EU’s GDPR rule comes into effect next year but while some clarity is emerging, doubt reigns. Find out what we know, and don’t know, about GDPR

 

What is “privacy engineering”?

Privacy engineering is an attempt to tackle these logistics. It is multi-discipline, which makes it difficult to hire for and even more complex to put into practice because it covers legal issues, computer science, data governance and IT security. The first Masters in the subject was launched at Carnegie Mellon in the Autumn of 2013 but skills still remain in short supply.

It is a subject that only really started getting talked about widely about two years ago and this tended to be in quite an academic way. “There are many different, non-agreed-upon definitions of privacy engineering,” explained National Institution of Standards and Technology (NIST) senior privacy policy analyst Naomi Lefkovitz at the Global Privacy Summit in 2015. “But a methodology for mitigating risk tends to be a thread through many of the different definitions.”

Michelle Dennedy, chief privacy officer at Cisco, an attorney and author of the book The Privacy Engineer's Manifesto explained in a panel discussion on ZDNET earlier this year that the techniques used are “based on really foundational computer science”. While the wealth of data needed for AI and machine learning makes this approach particularly important to businesses.

It is not surprising, therefore, that a number of commercial offerings have emerged to offer specific services in the area. Protegrity, which has been running since 1996, offers bespoke encryption services to protect sensitive data. In 2015 HP acquired Voltage to improve its own encryption and tokenisation abilities. While newer startups like Californian Dataguise, which provides “one dashboard to rule sensitive data” and British Privitar, which raised $16M in this exact area in July and is working to take ownership of the term, are gaining traction.

Tech Crunch journalist, Ingrid Lunden, points out that that while all this is not exactly new territory for technologists  – behemoths like Apple, Microsoft and Google have all begun to build better privacy in their own data activities –  the new wave of companies are different because they’re offering these tools out to others.

Like many terms which used to be quite niche and unknown, it looks like privacy engineering could become quite commonplace very soon indeed. It also seems likely that a whole host of new startups will emerge in the space over the next couple of years. These could prove an important way to ensure all the latest data-driven businesses stay compliant.

PREVIOUS ARTICLE

«Everything you need to know about… Artificial intelligence

NEXT ARTICLE

DevOps: Where’s all the security talent? »

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should the government regulate Artificial Intelligence?